From eea1d88992e4f7b9f71638fd27b9c3c195c8e2cb Mon Sep 17 00:00:00 2001
From: Azat Khuzhin <a.khuzhin@semrush.com>
Date: Sat, 6 Jul 2024 13:57:06 +0200
Subject: [PATCH] ci: disable persist-credentials for actions/checkout

It is a possible security issue, see [1] for the reference.

  [1]: https://github.com/actions/checkout/issues/485
---
 .github/workflows/ci.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index dc2153f..2341b62 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -18,6 +18,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: Check only *.yml extension is used
         run: find . -name '*.yaml' | grep -v .pre-commit-config.yaml && exit 1 || echo OK
@@ -51,6 +53,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v4
+        with:
+          persist-credentials: false
 
       - name: Setup Python
         uses: actions/setup-python@v5